dynamic (ActiveRecord based) implementation
Sven Fuchs committed Jul 16, 2009
1 parent 86e9841 commit 76e0a9a
Showing 5 changed files with 98 additions and 10 deletions.
6 changes: 6 additions & 0 deletions lib/rbac.rb
@@ -4,6 +4,12 @@
require 'rbac/role_type'

module Rbac
class UndefinedRole < IndexError
def initialize(name)
"Could not find role named #{name}"
end
end

class AuthorizingRoleNotFound < IndexError
def initialize(context, action)
"Could not find role(s) for #{action} (on: #{context.inspect})"
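Review bot: `UndefinedRole#initialize` builds the message string and then discards it, so the exception is raised with Ruby's default message (the class name) instead of "Could not find role named …". Pass the string to the superclass: `super("Could not find role named #{name}")`. The visible start of `AuthorizingRoleNotFound#initialize` follows the same pattern and would need the same change; its body continues outside the hunk. In an authorization library the role name in the error is what an operator needs when diagnosing a failed or misconfigured role lookup.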
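--- a/test/active_record_implementation.rb
+++ b/test/active_record_implementation.rb
@@ -0,0 +1,43 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+ActiveRecord::Base.connection.create_table :role_types do |t|
+t.references :parent
+t.string :name
+t.boolean :requires_context, :default => true
+end
+
+class RoleType < ActiveRecord::Base
+include Rbac::RoleType
+belongs_to :parent, :class_name => 'RoleType'
+
+class << self
+def build(name)
+find_by_name(name.to_s) || raise(Rbac::UndefinedRole.new(name))
+end
+end
+
+def children
+self.class.all(:conditions => { :parent_id => self.id })
+end
+
+def granted_to?(user, context = nil, options = {})
+return super unless ['anonymous', 'user', 'author'].include?(name)
+return false if options[:explicit]
+
+case name
+when 'anonymous'
+true
+when 'user'
+user.try(:registered?)
+when 'author'
+context.respond_to?(:author) && context.author == user || super
+end
+end
+end
+
+anonymous = RoleType.create!(:name => 'anonymous', :parent => nil, :requires_context => false)
+user = RoleType.create!(:name => 'user', :parent => anonymous, :requires_context => false)
+author = RoleType.create!(:name => 'author', :parent => user)
+moderator = RoleType.create!(:name => 'moderator', :parent => author)
+superuser = RoleType.create!(:name => 'superuser', :parent => moderator, :requires_context => false)
+editor = RoleType.create!(:name => 'editor', :parent => user)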
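Review bot: In the `'author'` branch of `granted_to?`, `context.author == user` is also true when both sides are nil, so a context that has no author would grant the author role to a missing user. The `user.try(:registered?)` line just above suggests `user` can be nil in this method. Guard the comparison explicitly, e.g. `context.respond_to?(:author) && !user.nil? && context.author == user || super`. Separately, the `'user'` branch returns nil rather than false for a nil user; `!!user.try(:registered?)` keeps the result boolean, which matters for the `assert_equal false` style used in the accompanying tests.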
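--- a/test/active_record_implementation_test.rb
+++ b/test/active_record_implementation_test.rb
@@ -0,0 +1,45 @@
+require File.dirname(__FILE__) + '/test_helper'
+require File.dirname(__FILE__) + '/database'
+require File.dirname(__FILE__) + '/active_record_implementation'
+
+Rbac::RoleType.implementation = RoleType
+
+class ActiveRecordImplementationTest < Test::Unit::TestCase
+test "has_role? (single argument)" do
+assert_equal true, superuser.has_role?(:superuser)
+assert_equal true, superuser.has_role?(:user)
+assert_equal true, superuser.has_role?(:anonymous)
+end
+
+test "has_role? (array argument)" do
+assert_equal false, moderator.has_role?([:superuser])
+assert_equal false, moderator.has_role?([:moderator, :superuser])
+assert_equal true, moderator.has_role?([:moderator, :superuser], blog)
+assert_equal true, moderator.has_role?([:author, :superuser], content)
+end
+
+test "has_explicit_role?" do
+assert_equal true, superuser.has_explicit_role?(:superuser)
+assert_equal false, superuser.has_explicit_role?(:user)
+assert_equal false, superuser.has_explicit_role?(:anonymous)
+end
+
+test "has_permission? raises Rbac::AuthorizingRoleNotFound exception when authorizing role can not be found" do
+assert_raises(Rbac::AuthorizingRoleNotFound) { superuser.has_permission?('drink redbull', Rbac::Context.root) }
+end
+
+test "has_permission? returns true when the user has a role that authorizes the action" do
+with_default_permissions(:'edit content' => [:author]) do
+assert_equal true, superuser.has_permission?('edit content', Rbac::Context.root)
+end
+end
+
+test "has_permission? returns true for authorized roles that aren't part of the same role hierarchy" do
+with_default_permissions(:'edit content' => [:editor]) do
+content = self.content
+content.section.permissions = { :'edit content' => [:moderator] }
+assert_equal true, moderator.has_permission?('edit content', content)
+assert_equal true, editor.has_permission?('edit content', content)
+end
+end
+end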
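Review bot: The `has_permission?` tests only assert the granting path (`true`) and the missing-role exception; nothing here checks that a user without an authorizing role is denied, so a regression that makes the ActiveRecord implementation grant too much would still pass. Add a deny case inside a `with_default_permissions` block, for example `assert_equal false, moderator.has_permission?('edit content', Rbac::Context.root)` with `:'edit content' => [:superuser]`; the expected result assumes the fixtures behave as in the `has_role?` tests above. The new `Rbac::UndefinedRole` path is also untested; `assert_raises(Rbac::UndefinedRole) { RoleType.build(:nonexistent) }` would cover it. Note that `Rbac::RoleType.implementation = RoleType` is set at load time and never restored, so it presumably affects any other test file loaded in the same process.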
8 changes: 0 additions & 8 deletions test/has_role_test.rb
@@ -11,10 +11,6 @@ class HasRoleTest < Test::Unit::TestCase
assert_equal true, superuser.has_role?(:superuser)
assert_equal true, superuser.has_role?(:user)
assert_equal true, superuser.has_role?(:anonymous)

assert_equal true, superuser.has_role?(Superuser)
assert_equal true, superuser.has_role?(User)
assert_equal true, superuser.has_role?(Anonymous)
end

test "has_role? (array argument)" do
@@ -28,10 +24,6 @@ class HasRoleTest < Test::Unit::TestCase
assert_equal true, superuser.has_explicit_role?(:superuser)
assert_equal false, superuser.has_explicit_role?(:user)
assert_equal false, superuser.has_explicit_role?(:anonymous)

assert_equal false, user.has_explicit_role?(Superuser)
assert_equal false, user.has_explicit_role?(User)
assert_equal false, user.has_explicit_role?(Anonymous)
end

test "has_permission? raises Rbac::AuthorizingRoleNotFound exception when authorizing role can not be found" do
6 changes: 4 additions & 2 deletions test/static_implementation.rb
@@ -1,12 +1,14 @@
module Static
mattr_accessor :role_types
self.role_types = [:editor, :superuser, :moderator, :author, :user, :anonymous]

class << self
def build(name)
const_get(name.to_s.camelize)
end

def all
# constants.map { |name| const_get(name) }
[Editor, Superuser, Moderator, Author, User, Anonymous]
@role_types ||= role_types.map { |type| build(type) }
end
end

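Review bot: `Static.build` resolves whatever name it is given through `const_get`, without checking it against the `role_types` list this section introduces. A name that camelizes to some other constant reachable from the module would be returned as if it were a role, and an unknown name raises `NameError` rather than the `Rbac::UndefinedRole` that the ActiveRecord `build` in this commit raises. Check membership first, e.g. `raise Rbac::UndefinedRole.new(name) unless role_types.any? { |type| type.to_s == name.to_s }`. In `all`, the memo `@role_types` looks like the `role_types` accessor but is a separate variable, so later changes to `role_types` are not picked up after the first call; a distinct name such as `@all` and a short comment would make that explicit. The module continues beyond the visible lines.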
